On Thursday 06 June 2002 15:45, Maciej Soltysiak wrote:
> Hello,
>
> I think somebody should write a short and simple FAQ for this.
> This type of question appears very often.
>
> I believe that you do not need to add special filtering rules for
> forwarders, secondaries, etc.
>
> Properly configure your DNS server, use ACLs.
>
> Using netfilter you cannot judge whether a TCP:53 packet is a zone transfer
> or just a query.

If you only expect to receive queries from internal interfaces then there
should be no 'queries' from external sources.

>
> Regards,
> Maciej Soltysiak

--
----------------------------------------
Ray Leach (Technical Network Specialist)
Knowledge Factory
www: http://www.knowledgefactory.co.za
Tel: +27-11-445-8100
Direct: 445-8263
Fax: +27-11-445-8101

"No matter where you go, there you are."
----------------------------------------
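
An added example, not part of the original thread: the point quoted above is that a rule matching only protocol and port sees a zone transfer and an ordinary query as the same TCP:53 traffic. The Python sketch below shows where the difference actually lives, in the QTYPE field of the DNS question, which only something that parses the payload (such as the DNS server applying its ACLs) can read. The function names and sample messages are constructed for illustration.

```python
import struct

# QTYPE values that request a zone transfer: AXFR (RFC 1035), IXFR (RFC 1995).
TRANSFER_QTYPES = {252: "AXFR", 251: "IXFR"}

def build_tcp_query(name, qtype, txid=0x1234):
    """Build a constructed sample DNS query as carried over TCP
    (two-byte length prefix followed by the DNS message)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)        # QCLASS IN
    return struct.pack("!H", len(msg)) + msg

def classify_tcp_payload(payload):
    """Return 'AXFR', 'IXFR', 'query' or 'other' for one TCP DNS message.
    Both transfer requests and plain queries arrive on the same port, so the
    only distinguishing data is inside the payload parsed here."""
    if len(payload) < 2:
        return "other"
    (length,) = struct.unpack("!H", payload[:2])
    msg = payload[2:2 + length]
    if length < 12 or len(msg) < length:
        return "other"                      # truncated or not a full DNS header
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount != 1:
        return "other"                      # a response, or an unusual question count
    pos = 12
    while True:                             # walk the QNAME labels
        if pos >= len(msg):
            return "other"
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0:
            return "other"                  # compression pointer, not expected here
        pos += n
    if pos + 4 > len(msg):
        return "other"
    qtype, _qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return TRANSFER_QTYPES.get(qtype, "query")

if __name__ == "__main__":
    for qtype in (1, 252):                  # A record lookup, then AXFR
        print(qtype, classify_tcp_payload(build_tcp_query("example.com", qtype)))
```
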
